Hi All,
Can someone with fresh eye please review this config and tell me why
requests are infinite redirection to https?
I'm trying to forward inbound requests on port 443 either to the localhost
port 80 or the localhost port 25565, depending if it is a request for a WSS
or for HTTP (files)
Many thanks!
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
upstream to-websocket {
server localhost:25565;
}
server_tokens off;
# SSL requirements. We use Certbot and LetsEncrypt
#ssl_certificate /etc/letsencrypt/live/-myFQDN-/fullchain.pem; # managed by
Certbot
#ssl_certificate_key /etc/letsencrypt/live/-myFQDN-/privkey.pem; # managed
by Certbot
#include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
#ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
#ssl_session_cache shared:SSL:1m;
#ssl_session_timeout 5m;
#ssl_ciphers HIGH:!aNULL:!MD5;
#ssl_prefer_server_ciphers on;
server {
# first redirect to https
if ($scheme = "http") {
return 301 https://$host$request_uri;
}
# Now webserver
# Port 80 shouldn't be accesed from outside
listen 80 default_server;
listen [::]:80 default_server;
server_name -myFQDN- www.-myFQDN-;
return 404; # managed by Certbot
root /var/www/html;
}
server {
root /var/www/html;
index index.html index.htm;
server_name -myFQDN-;
# Proxy our outside https to local http
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/-myFQDN-/fullchain.pem; # managed
by Certbot
ssl_certificate_key /etc/letsencrypt/live/-myFQDN-/privkey.pem; #
managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location / {
try_files /nonexistent @$http_upgrade;
}
location @websocket {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host -myFQDN-;
proxy_set_header Referer https://-myFQDN-;
proxy_set_header Referrer https://-myFQDN-;
# proxy_pass http://localhost:25565;
proxy_pass http://to-websocket;
}
location @ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host -myFQDN-;
proxy_set_header Referer https://-myFQDN-;
proxy_set_header Referrer https://-myFQDN-;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:80;
}
}
[image: linkedin]
https://www.linkedin.com/in/michael-glenn-williams-45ab23228/
_______________________________________________
nginx mailing list -- nginx@nginx.org
To unsubscribe send an email to nginx-leave@nginx.org
